BullGuard
Virus.Win32.Virut.a
   

suzanna
New Member


Date Joined Sep 2006
Total Posts : 4
 
Posted 9/10/2006 10:10 PM (GMT +2)
Hi everyone!

My PC is infected with Virus.Win32.Virut.a. I did have Kaspersky and it was finding a lot of infected files. I didn't find the program very efficient though and decided against buying the full one. I've been trying BullGuard for 2 days now and find it easy to use etc. However, when it scanned it simply says malware found. Gives four places. [I know I sound a bit dense, but I'm a 45 year old mother who only knows how to press the on and off button] Kaspersky found many, many files infected with the Win32 virus. I have two problems really. Firstly, it doesn't matter how many times this virus pops up in various files and is disinfected, it just keeps going around in circles. [hates BS Player!] BullGuard won't let me delete it and Ad-Aware runs a scan until it comes up against BullGuard in the program files and then it just freezes. I just want an antivirus program that works and will rid my PC of this virus. This is my third trial in my search for an antivirus program to buy and so far I still have the virus.

Can anyone help? [Layman's terms if possible. No joined up writing!]

Many thanks

Suz
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 9/11/2006 1:20 PM (GMT +2)
Hi suzanna
 
 
 
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
 
Double-click "drweb-cureit.exe" and click "OK" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system; let it clean what it finds, and when it says "done":

Click on the green screwdriver -
Uncheck – Heuristic analysis
Actions Tab - Adware-Dialers-Riskware-Hacktools, use the dropdown menu and select – Move
Remove checkmark from – Prompt on action

Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in the lower right corner. It will now scan your drive(s); say yes to all.

When the scan has finished, see if you can click the next icon next to the files found.
If so, click it and then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.

After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv

Close Dr.Web CureIt.
 
 
 
Reboot normally -
 
 
1. Get the newest HijackThis from http://danborg.org/spy/hjt/alternativ.exe
Another name for the HijackThis exe

2. Install it in a PERMANENT folder! Example: c:\hijackthis\

3. Run HijackThis (alternativ exe).

Choose the "Do a system scan and save a log file" option to perform your scan.
HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.
Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.
 
 
Post a HijackThis log along with the Dr.Web log, and tell how things are running.
 
 
 


Please start your own thread by clicking the new topic button. Do NOT post your problem in someone else's thread.
Do not PM me with logfiles. They will be deleted.
 

suzanna
New Member


Date Joined Sep 2006
Total Posts : 4
 
Posted 9/11/2006 4:50 PM (GMT +2)
Many thanks!! I'll do that. I have been trying to download the Cure it program for about an hour now, though and it just keeps timing out. Nothing's downloading. Will keep trying.

Suz
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 9/11/2006 5:02 PM (GMT +2)
The link works fine. It may be your firewall that is blocking it; deactivate/disable it and try again.


 

suzanna
New Member


Date Joined Sep 2006
Total Posts : 4
 
Posted 9/11/2006 6:57 PM (GMT +2)
I don't think I have a firewall. I have no anti virus programmes at the moment as I deleted them all. Only have Ewido and that doesn't have a firewall. Sorry to be such a pain. I know I should at least try and learn the basics!

Suz
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 9/11/2006 7:23 PM (GMT +2)
See if you can download it from Safe Mode with network -

Reboot into Safe Mode with network by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode with network.
 
 
 
Otherwise post a hijackthis log, using alternativ exe


 

suzanna
New Member


Date Joined Sep 2006
Total Posts : 4
 
Posted 9/18/2006 5:20 PM (GMT +2)
Many apologies for the delay in responding. I've had trouble getting on the net at all. I have had Norton scanning and it has found the virus, but is going round in circles. Have just used CCleaner. Here's the HijackThis log. I'm really sorry if I've done it incorrectly.


Logfile of HijackThis v1.99.1
Scan saved at 16:19:29, on 18/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Suz\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Kerio MailServer (KerioMailServer) - Kerio Technologies - C:\Program Files\Kerio\MailServer\mailserver.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Server Software/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)



Suzanna
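
As an added example (not part of the thread and not HijackThis's own code), the Python below parses the `CODE - detail` lines of a log like the one posted above and lists the O23 service entries that HijackThis marked `Unknown owner` or `(file missing)`, so they can be checked by hand. The sample lines are copied from that log; the function names are illustrative.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
MISSING = " (file missing)"

def parse_entries(log_text):
    """Group 'CODE - detail' lines by section code (R0, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header lines and running-process paths do not match
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def parse_services(sections):
    """Split each O23 line into name, owner, path and the file-missing flag."""
    services = []
    for detail in sections.get("O23", []):
        body = re.sub(r"^Service: ", "", detail)
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]
        name, owner, path = body.rsplit(" - ", 2)
        services.append({"name": name, "owner": owner, "path": path, "file_missing": missing})
    return services

def review_queue(services):
    """Services whose binary is gone or whose owner HijackThis could not read."""
    return [s for s in services if s["file_missing"] or s["owner"] == "Unknown owner"]

if __name__ == "__main__":
    for svc in review_queue(parse_services(parse_entries(SAMPLE_LOG))):
        flag = "missing" if svc["file_missing"] else "present"
        print(f'{svc["name"]:<24} {svc["owner"]:<14} {flag:<8} {svc["path"]}')
```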